what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

OSVDB: OSVDB-75095

LotusCMS 3.0 PHP Code Execution

Posted Jun 26, 2013

Authored by infodox

LotusCMS version 3.0 remote PHP code execution exploit as disclosed in 2011. It spawns a reverse shell.

tags | exploit, remote, shell, php, code execution

advisories | OSVDB-75095

SHA-256 | 56acf18780a5602a4ab5e831ef3c7a6cfef83560842950e615cae1fc4847bc4b

Download | Favorite | View

LotusCMS 3.0 eval() Remote Command Execution

Posted Mar 8, 2012

Authored by Alligator Security Team | Site metasploit.com

This Metasploit module exploits a vulnerability found in Lotus CMS 3.0's Router() function. This is done by embedding PHP code in the 'page' parameter, which will be passed to a eval call, therefore allowing remote code execution. The module can either automatically pick up a 'page' parameter from the default page, or manually specify one in the URI option.

tags | exploit, remote, php, code execution

advisories | OSVDB-75095

SHA-256 | 9cfa92781759b0e3fca07d4e2381bdf31f60c42eb04c18946ce17fa3ef4f50c3

Download | Favorite | View